| CVE-2025-69385 | WordPress Cartify - WooCommerce Gutenberg WordPress Theme theme <= 1.3 - Arbitrary Content Deletion vulnerability | AgniHD | Cartify - WooCommerce Gutenberg WordPress Theme | Medium | 6.5 | 2026-02-20 15:46:54 | Deep Dive |
| CVE-2025-69368 | WordPress SOHO - Photography WordPress Theme theme <= 3.0.3 - Cross Site Scripting (XSS) vulnerability | GT3themes | SOHO - Photography WordPress Theme | - | - | 2026-02-20 15:46:51 | Deep Dive |
| CVE-2025-69367 | WordPress Oyster - Photography WordPress Theme theme <= 4.4.3 - Cross Site Scripting (XSS) vulnerability | GT3themes | Oyster - Photography WordPress Theme | - | - | 2026-02-20 15:46:51 | Deep Dive |
| CVE-2025-68837 | WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.5 - Broken Access Control vulnerability | ELEXtensions | ELEX WordPress HelpDesk & Customer Ticketing System | Medium | 6.5 | 2026-02-20 15:46:42 | Deep Dive |
| CVE-2025-68028 | WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - Broken Access Control vulnerability | Passionate Brains | GA4WP: Google Analytics for WordPress | Medium | 6.5 | 2026-02-20 15:46:36 | Deep Dive |
| CVE-2026-27052 | WordPress Sales Countdown Timer for WooCommerce and WordPress plugin < 1.1.9 - Local File Inclusion vulnerability | villatheme | Sales Countdown Timer for WooCommerce and WordPress | - | - | 2026-02-19 08:27:10 | Deep Dive |
| CVE-2026-25392 | WordPress Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress plugin <= 1.4.0 - Open Redirection vulnerability | KaizenCoders | Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress | Medium | 4.7 | 2026-02-19 08:27:03 | Deep Dive |
| CVE-2026-25325 | WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.8 - Sensitive Data Exposure vulnerability | rtCamp | rtMedia for WordPress, BuddyPress and bbPress | - | - | 2026-02-19 08:26:56 | Deep Dive |
| CVE-2026-0974 | Orderable <= 1.20.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation | orderable | Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin | High | 8.8 | 2026-02-19 04:36:22 | Deep Dive |
| CVE-2025-14851 | YaMaps for WordPress <= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters | yhunter | YaMaps for WordPress Plugin | Medium | 6.4 | 2026-02-19 04:36:20 | Deep Dive |
| CVE-2025-15041 | BackWPup <= 5.6.2 - Authenticated (BackWPup Helper+) Privilege Escalation via Arbitrary Options Update | wp_media | BackWPup – WordPress Backup & Restore Plugin | High | 7.2 | 2026-02-19 04:36:08 | Deep Dive |
| CVE-2026-1317 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name | smackcoders | WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress | Medium | 6.5 | 2026-02-18 12:28:35 | Deep Dive |
| CVE-2025-8781 | Bookster – WordPress Appointment Booking Plugin <= 2.1.1 - Authenticated (Administrator+) SQL Injection via 'raw' | bookster | Bookster – WordPress Appointment Booking Plugin | Medium | 4.9 | 2026-02-18 12:28:34 | Deep Dive |
| CVE-2026-1656 | Business Directory Plugin <= 6.4.20 - Missing Authorization to Unauthenticated Arbitrary Listing Modification | strategy11team | Business Directory Plugin – Easy Listing Directories for WordPress | Medium | 5.3 | 2026-02-18 08:26:05 | Deep Dive |
| CVE-2026-1640 | Taskbuilder <= 5.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Project/Task Comment Creation | taskbuilder | Taskbuilder – Project Management & Task Management Tool With Kanban Board | Medium | 4.3 | 2026-02-18 06:42:42 | Deep Dive |
| CVE-2026-1807 | InteractiveCalculator for WordPress <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute | interactivecalculator | InteractiveCalculator for WordPress | Medium | 6.4 | 2026-02-18 06:42:41 | Deep Dive |
| CVE-2025-12122 | Popup Box – Easily Create WordPress Popups <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpcalc | Popup Box – Easily Create WordPress Popups | Medium | 6.4 | 2026-02-18 05:29:18 | Deep Dive |
| CVE-2026-1639 | Taskbuilder <= 5.0.2 - Authenticated (Subscriber+) SQL Injection via 'order' and 'sort_by' Parameters | taskbuilder | Taskbuilder – Project Management & Task Management Tool With Kanban Board | Medium | 6.5 | 2026-02-18 05:29:17 | Deep Dive |
| CVE-2026-2576 | Business Directory Plugin <= 6.4.21 - Unauthenticated SQL Injection via payment Parameter | strategy11team | Business Directory Plugin – Easy Listing Directories for WordPress | High | 7.5 | 2026-02-18 04:35:46 | Deep Dive |
| CVE-2026-1296 | Frontend Post Submission Manager Lite <= 1.2.7 - Unauthenticated Open Redirect via 'requested_page' Parameter | wpshuffle | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin | Medium | 6.1 | 2026-02-18 04:35:44 | Deep Dive |